Russell Nelson <[EMAIL PROTECTED]> writes:
> Well, actually it *could*, under certain conditions. If you don't
> have any .qmail-.*default's, you could create a CDB containing all the
> valid addresses, which qmail-smtpd could consult after sufficient
> patching. However, that still has the problem of giving away your
> valid addresses to spammers. And, .qmail-.*default files are *so*
> useful.
There are situations in which you do want to selectively decline certain
RCPT TO:s. Real-life example: corporate firewall relays to internal
hosts. User <[EMAIL PROTECTED]> gets popular with the
spammers then departs for greener pastures. I still need to accept mail
from the Internet for all foo.internal.example.com users and try to relay
it to them, but I *know* that mail for bob is going to turn into a
bounce-o-gram and end up doublebouncing to me 9 times out of 10. Being
able to say "550 Unknown User" in the initial SMTP conversation for that
one selected address would save everybody a lot of trouble.
What I picture would be a CDB consulted by qmail-smtpd; it would inhale
the job of rcpthosts and morercpthosts. For each RCPT address, it would
progressively break it down and check for a match, which would contain an
instruction "bounce with $MSG" or "accept for relaying". Eg. for
<[EMAIL PROTECTED]> it would check [EMAIL PROTECTED],
[EMAIL PROTECTED], host.example.com, and then .example.com
(followed presumably by .com and "root" lookups, if we get that far, but
nothing useful could be configured at the root level). Or we could just
check for a user@host record and accept any and all extensions if the
user is valid, thereby saving lookup steps. Or the user@host record
could say to backup and try extensions if we want to setup such
fine-grained control for that user.
In the default case, you'd setup a single host.example.com:accept record,
but you'd have the option of [EMAIL PROTECTED]:accept, likewise
for the other users, and then host.example.com:550_unknown_user.
Being able to say "550 moved - try <[EMAIL PROTECTED]>" would be
nice too, not that the crap MTAs of the world ever actually tell the user
the actual text from the SMTP rejection.
BTW, is the possibility of spammers checking for valid users via the RCPT
command a real-world problem? If they really cared, they could set up a
valid mailer to match their MAIL FROM and analyze the bounce. IMHO
weighing that against the other problem of filling your queues with
bounces-to-spam and having them all doublebounce into your lap does call
for a value judgement here.
--
Anthony DeBoer <[EMAIL PROTECTED]>
